Danny20v / eid-applet

Automatically exported from code.google.com/p/eid-applet
Other
0 stars 0 forks source link

PIN cache not working for SignRequest #89

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. From the service send a AuthenticationRequestMessage to the applet with the 
following headers: X-AppletProtocol-PreLogoff: false, X-AppletProtocol-Logoff: 
false
2. User enters PIN and is authenticated.
3. Keep the card in the reader so the PIN caching is not lost.
1. From the service send a SignRequestMessage to the applet with the following 
headers: X-AppletProtocol-PreLogoff: false, X-AppletProtocol-Logoff: false
2. User gets OK to sign? prompt and clicks OK.
3. User has to enter PIN again!

What is the expected output? What do you see instead?

I expect the user not having to enter his pin again, but the pin is requested 
for this and all subsequent SignRequest's.

What version of the product are you using? On what operating system?

This happens in both 1.0.5.GA and 1.0.4.GA.

Please provide any additional information below.

Our objective is to create a batch sign process. Where one after another 
SignRequest is sent and the user does not have to enter his/her PIN each time.

Original issue reported on code.google.com by kevin.va...@gmail.com on 12 Jun 2013 at 1:11

GoogleCodeExporter commented 9 years ago
Hello?

Original comment by kevin.va...@gmail.com on 18 Jul 2013 at 9:23

GoogleCodeExporter commented 9 years ago
The eID card does not cache the PIN authorization in the context of 
non-repudiation signatures. Maybe check out the eID DSS instead of directly 
using the eID Applet for batch signing.

Original comment by frank.co...@gmail.com on 19 Jul 2013 at 1:24

GoogleCodeExporter commented 9 years ago
I have looked into the DSS documentation and if I understand correctly, the 
user is redirected to a website which also uses the eID applet to sign the 
document.

I see that you can send a batch signing request to the eID DSS webservice, but 
after this request, I presume (because the docs are not so clear about this), 
that the user is sent to the same website to effectively sign the documents 
(using the eID applet)?

What happens in this step?
- Documents are signed one after another, having to click OK and enter PIN each 
time
- Documents are signed all at once, with a single OK + PIN entry
- OR?

And what is the result after this step?
- Multiple signed documents
- Some file container with an XML signature
- OR?

Please advice!

Original comment by kevin.va...@gmail.com on 4 Sep 2013 at 10:07